Bug X Hunter

Privacy Policy

Last Updated on Jul 28th, 2023

1. PURPOSE

This Privacy Policy is incorporated by reference into the BugXHunter Terms of Service (the “Terms”). The terms “BugXHunter,” “we,” and “us” include BugXHunter Pty Ltd and our affiliates and subsidiaries. This Privacy Policy explains our online and offline information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can opt-out of a use or correct or change such information. All capitalized terms not defined herein will have the meanings set forth in the Terms.

2. SCOPE

This Privacy Policy applies to personal information that is processed by BugXHunter in the course of our business, including on BugXHunter websites (each a “Site”), applications, forums, blogs, and other online or offline offerings (collectively, the “Services”). All individuals whose responsibilities include the processing of personal information on behalf of BugXHunter are expected to protect that data by adherence to this Privacy Policy. This Privacy Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions.

3. TRANSPARENCY/NOTICE

The types of personal information we may collect and our privacy practices depend on the nature of the relationship you have with BugXHunter and the requirements of applicable law. Some of the ways that BugXHunter may collect personal information include:

  • You may provide personal information directly to BugXHunter through interacting with the Services, participating in surveys, during events such as sweepstakes, and requesting Services, or information.
  • As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.

We endeavor to collect only that information which is relevant for the purposes of processing. Below are the ways we collect personal information and how we use it.

3.1 TYPES OF PERSONAL INFORMATION WE COLLECT

BugXHunter collects personal information regarding its current, prospective, and former clients, customers, users, visitors, and guests (collectively “Individuals”).

  • Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with BugXHunter, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
    • User Profiles. When you create a profile, BugXHunter may collect certain personal information including your name, contact details, photographs, examples of your work, information on work previously performed via the Service and outside the Service, skills and other information, including your username (“Profile”). The information in your Profile may be visible to all BugXHunter users and the general public.
    • Communications with Us. We may collect personal information from you such as email address, phone number or mailing address when you choose to request information about our Services, register for BugXHunter’s newsletter, request to receive customer or technical support, or otherwise communicate with us.
    • Surveys. From time to time, we may contact you to participate in online surveys. If you do decide to participate, you may be asked to provide certain information which may include personal information. All information collected from your participation in our surveys is provided by you voluntarily. We may use such information to improve our products, Sites and/or services and in any manner consistent with the policies provided herein.
    • Posting on the Services. BugXHunter may offer publicly accessible pages, blogs, private messages, or community forums. You should be aware that, when you disclose information about yourself in on BugXHunter’s pages, blogs, private messages, and community forums, the Services will collect the information you provide in such submissions, including any personal information. If you choose to submit content to any public area of the Services, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
    • Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.
    • Cookies, Pixel Tags/Web Beacons, and Analytics Information. We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. We use Technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred to collectively as a “device”) that allow us to record certain pieces of information whenever you visit or interact with our sites, services, applications, messaging, and tools, and to recognize you across devices.
    • Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
    • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
    • Embedded Scripts. We and our marketing partners, affiliates, analytics, and service providers may also employ software technology known as an embedded script. An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Service.
    • Social Media Widgets. Our Website includes social media features such as the Facebook “Like” button and LinkedIn (that might include widgets such as the share this button or other interactive mini-programs). These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.
    • Analytics. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
  • Information Submitted Via Services. You agree that BugXHunter is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services. BugXHunter will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (a) you grant us permission to do so or it is otherwise necessary as part of the Services, such as to facilitate payment to you as a researcher; (b) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (c) we are required to do so by law.
  • Information from Other Sources. We may receive information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example, if you access or use our Services through a third-party application, we may collect information about you from that third-party application that is public via your privacy settings or is otherwise available. This supplemental information allows us to verify information that you have provided to BugXHunter and to enhance our ability to provide you with information about our business, products, and Services.
3.2 HOW BUGXHUNTER USES YOUR INFORMATION

We acquire, hold, use, and process personal information about Individuals for a variety of business purposes, including:

  • To Provide Products, Services, or Information Requested. BugXHunter may use information about you to provide the Services and fulfill requests for products or information, including to:
    • Generally manage Individual information and accounts;
    • Respond to questions, comments, and other requests;
    • To assess vulnerabilities and other bugs you discover in the course of your use of the Services;
    • Provide access to certain areas, functionalities, and features of BugXHunter’s Services;
    • Contact you to answer requests for customer support or technical support;
    • Allow you to register for events.
  • Administrative Purposes. BugXHunter may use personal information about you for its administrative purposes, including to:
    • Measure interest in BugXHunter’s Services;
    • Develop new products and Services;
    • Ensure internal quality control;
    • Verify Individual identity;
    • Communicate about Individual accounts and activities on BugXHunter’s Services and systems, and, in BugXHunter’s discretion, changes to any BugXHunter policy;
    • Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as Account management, customer service, or system maintenance;
    • Process payment for products or services purchased;
    • Process applications and transactions;
    • Prevent potentially prohibited or illegal activities;
    • Enforce our Terms.
  • Marketing BugXHunter Products and Services. BugXHunter may use personal information to provide you with materials about offers, products, and Services that may be of interest, including new content or Services. BugXHunter may provide you with these materials by phone, postal mail, facsimile, or email, as permitted by applicable law. Such uses include:
    • To tailor content, advertisements, and offers;
    • To notify you about offers, products, and services that may be of interest to you;
    • To provide Services to you and our sponsors;
    • For other purposes disclosed at the time that Individuals provide personal information; or
    • Otherwise with your consent.
      You may contact us at any time to opt-out of the use of your personal information for marketing purposes, as further described in Section 5 below
  • Research and Development. BugXHunter may use personal information alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services.
  • Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with personal information, or whose personal information we obtain from third parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on BugXHunter’s or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions in Section 5 below.
  • Services via Mobile Devices. From time to time, BugXHunter may provide Services that are specifically designed to be compatible and used on mobile devices. BugXHunter will collect certain information that your mobile device sends when you use such Services, like a device identifier, user settings, location information, mobile carrier, and the operating system of your device. Mobile versions of BugXHunter’s Services may require that users log in with an account. In such cases, information about use of mobile versions of the Services may be associated with accounts. In addition, BugXHunter may enable Individuals to download an application, widget, or other tool that can be used on mobile or other computing devices. Some of these tools may store information on mobile or other devices. These tools may transmit personal information to BugXHunter to enable Individuals to access accounts and to enable BugXHunter to track use of these tools. Some of these tools may enable users to email reports and other information from the tool. BugXHunter may use personal or non-identifiable information transmitted to BugXHunter to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this Privacy Policy or in other notices BugXHunter provides.
  • De-Identified and Aggregated Information Use. BugXHunter may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access BugXHunter’s Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. De-identified and/or aggregated information is not personal information, and BugXHunter may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within BugXHunter and with third parties for our or their purposes in an de-identified and/or aggregated form that is designed to prevent anyone from identifying you
  • Sharing Content with Friends or Colleagues. BugXHunter’s Services may offer various tools and functionalities to share content. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by BugXHunter or any other third parties for any other purpose.
  • Other Uses. BugXHunter may use personal information for which we have a legitimate interest, such as network and information security, direct marketing, disclosure to affiliated organizations, research (including marketing research), fraud prevention, or any other purpose disclosed to you at the time you provide personal information or with your consent.
  • Uses of Automatic Collection Technologies. Our use of the Technologies fall into the following general categories:
    • Operationally Necessary. We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our sites, services, applications, and tools. This includes technologies that allow you access to our sites, services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions;
    • Performance Related. We may use cookies, web beacons, or other similar technologies to assess the performance of our websites, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our websites, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools;
    • Functionality Related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our sites, services, applications, or tools. This may include identifying you when you sign into our sites or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our sites;
    • Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.

If you would like to opt-out of the Technologies we employ on our Services, you may do so by blocking, deleting, or disabling them as your browser or device permits.

3.3 THIRD-PARTY WEBSITES AND SOCIAL MEDIA PLATFORMS

The Services may contain links to other websites and other websites may reference or link to our Services. These other domains and websites are not controlled by us, and BugXHunter does not endorse or make any representations about third-party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

BugXHunter’s Services may include publicly accessible blogs, community forums, or private messaging features. The Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes.

3.4 THIRD-PARTY PAYMENT PROCESSING

If you use the Services to make, receive or facilitate payments in connection with the Services, we and Third-Party applications may collect certain financial information from you to process transactions, including your name, email address, address, financial account information and other billing information.

4. ONWARD TRANSFER—BUGXHUNTER MAY DISCLOSE YOUR INFORMATION
4.1 INFORMATION WE SHARE

We may share your information as described in this Privacy Policy (e.g., with our third-party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.

  • We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers. The types of service providers (processors) to whom we entrust personal information include service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Services. BugXHunter has executed appropriate contracts with the service providers that prohibit them from using or sharing personal information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
  • Business Partners. BugXHunter may share personal information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. BugXHunter may also provide personal information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with BugXHunter. BugXHunter requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of personal information they maintain on our behalf and not to use it for any purpose other than the purpose for which BugXHunter provided them.
  • Content Visible to Others. When you create a Profile or post content to the Services, this information may be displayed to others. We are not responsible for privacy practices of the other users who will view and use the posted information.
  • Marketing – Interest-Based Advertising and third party Marketing. Through our Services, BugXHunter may allow third-party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected personal information (such as demographic information and past purchase history) we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-BugXHunter related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” We may allow access to other data collected by the Services to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer that we do not share your personal information with third-party advertising partners, you may opt-out of such sharing at no cost by following the instructions in Section 5 below.
  • Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve, and disclose your personal information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce BugXHunter policies or contracts; (v) to collect amounts owed to BugXHunter; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
    In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
  • Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. In such event, BugXHunter will endeavor to direct the transferee to use personal information in a manner that is consistent with the Privacy Policy in effect at the time such personal information was collected.
4.2 INTERNATIONAL DATA TRANSFERS

All personal information collected via or by BugXHunter may be transferred, Processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers in order to provide the Services. Your personal information may be accessible to law enforcement or other authorities pursuant to a lawful request. Where required by law, international transfers of personal information will be supported by an adequacy mechanism. In the case of transfers of data out of Europe, we rely on Standard Contractual Clauses under the EU General Data Protection Regulation (“GDPR”) and endeavor to utilize third-party service providers that provide adequate protections that are compliant with the GDPR such as implementing Standard Contractual Clauses or Binding Corporate Rules. 

5. YOUR PRIVACY RIGHTS

What is the General Data Protection Regulation (GDPR)?

GDPR is a new set of rules in the European Union designed to give residents of the EU more control over Personal Data. Its goal is to ensure that citizens and businesses in the European Union can fully benefit from the modern digital economy. According to the text, the “Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” Generally, it applies to the Personal Data of EU residents and the companies that handle it. Refer to articles 1-3 of the GDPR to determine whether it applies to you.

Your Rights Under GDPR

If GDPR applies to you, you can find the complete list of data subject rights in Chapter 3 of the GDPR, or see some of the rights summarized below:

Right to Access – You have the right to obtain information about the processing activities of a data controller and the personal data of yours that they are processing.

Right to Rectification – The right to rectification concerns the ability to correct any inaccurate data concerning the data subject.

Right to Erasure – This is also known as the right to be forgotten, and gives you the right to request deletion of your personal data held by the controller.

Right to Restrict Processing – Right to restrict processing where data is inaccurate or use is unlawful or no longer needed.

Right to Portability – You have the right to receive requested personal data in a commonly used and machine-readable format.

Under the provisions of the Australian Privacy Principles (APPs), we affirm that we do not engage in the trade or exchange of your personal information.

In compliance with these principles, you may be entitled to: (i) seek confirmation if we are handling your personal information; (ii) gain access to or procure a copy of your personal information; (iii) receive an electronic copy of the personal information that you have entrusted us with, or request us to transmit that information to another entity (the “right of data portability”); (iv) limit our utilisation of your personal information; (v) seek correction or amendment of inaccurate, false, incomplete, or improperly handled personal information; (vi) retract your consent and (vii) request deletion of personal information we hold about you, bearing in mind specific exceptions outlined by law.

Provided it aligns with prevailing laws, you can send an e-mail to [email protected] or use any of the methods outlined in this Privacy Policy to exercise your rights pertaining to personal information. Please include your full name, email address linked with your Account, and a thorough explanation of your data request. We will process these requests in compliance with applicable laws.

To safeguard your privacy, BugXHunter will undertake all reasonable measures to authenticate your identity before providing access to or making any modifications to your personal information.

If you are an Australian resident, you have the right not to be subject to discriminatory treatment by BugXHunter when exercising the rights granted to you under the Australian Privacy Principles.

6. DATA RETENTION

BugXHunter retains the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

7. SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or sending an e-mail to you. You may have a legal right to receive this notice in writing.

8. Australian Privacy Principles

In compliance with the Australian Privacy Principles (APPs), users who are Australian residents have the right to request and receive from us once a year, free of charge, a list of the third parties to whom we have disclosed or shared their personal information (if any) for their direct marketing purposes in the prior calendar year, along with the type of personal information disclosed or shared with those parties. Except as otherwise stipulated in this Privacy Policy, BugXHunter does not share personal information with third parties for their independent marketing purposes.

9. CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, please contact Bugcrowd by email at [email protected].

10. REVISION HISTORY:
  • BugXHunter Privacy Policy updated (effective 28/07/23)
Bug X Hunter

All-in-one bug bounty and security testing platform for businesses and security researchers.

Our Office

Level 3, 31 Alfred St
Sydney, NSW 2000
Australia

Subscribe

Subscribe to our newsletter and stay informed of all future platform releases and updates

© 2023 BugXHunter. All Rights Reserved

Scroll to Top